Load the geoip cc's dynamically.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2012-05-20 08:59:59 -07:00
parent 84f92aa87c
commit d8ec051114
15 changed files with 541 additions and 905 deletions


@ -29,6 +29,7 @@ require Exporter;
use Scalar::Util 'reftype';
use Digest::SHA qw(sha1);
use File::Basename;
use Shorewall::Config qw(:DEFAULT :internal);
use Shorewall::Zones;
use Shorewall::IPAddrs;
@ -565,7 +566,10 @@ my %aliases = ( protocol => 'p',
my @unique_options = ( qw/p dport sport icmp-type icmpv6-type s d i o/ );
our %isocodes;
my %isocodes;
use constant { ISODIR => '/usr/share/xt_geoip/LE' };
#
# Rather than initializing globals in an INIT block or during declaration,
# we initialize them in a function. This is done for two reasons:
@ -635,453 +639,7 @@ sub initialize( $$$ ) {
snmp => UDP,
tftp => UDP);
if ( $family == F_IPV4 ) {
%isocodes = (
A1 => "Anonymous Proxy" ,
A2 => "Satellite Provider" ,
AD => "Andorra" ,
AE => "United Arab Emirates" ,
AF => "Afghanistan" ,
AG => "Antigua and Barbuda" ,
AI => "Anguilla" ,
AL => "Albania" ,
AM => "Armenia" ,
AN => "Netherlands Antilles" ,
AO => "Angola" ,
AP => "Asia/Pacific Region" ,
AQ => "Antarctica" ,
AR => "Argentina" ,
AS => "American Samoa" ,
AT => "Austria" ,
AU => "Australia" ,
AW => "Aruba" ,
AX => "Aland Islands" ,
AZ => "Azerbaijan" ,
BA => "Bosnia and Herzegovina" ,
BB => "Barbados" ,
BD => "Bangladesh" ,
BE => "Belgium" ,
BF => "Burkina Faso" ,
BG => "Bulgaria" ,
BH => "Bahrain" ,
BI => "Burundi" ,
BJ => "Benin" ,
BM => "Bermuda" ,
BN => "Brunei Darussalam" ,
BO => "Bolivia" ,
BR => "Brazil" ,
BS => "Bahamas" ,
BT => "Bhutan" ,
BV => "Bouvet Island" ,
BW => "Botswana" ,
BY => "Belarus" ,
BZ => "Belize" ,
CA => "Canada" ,
CC => "Cocos (Keeling) Islands" ,
CD => "Congo, The Democratic Republic of the" ,
CF => "Central African Republic" ,
CG => "Congo" ,
CH => "Switzerland" ,
CI => "Cote D'Ivoire" ,
CK => "Cook Islands" ,
CL => "Chile" ,
CM => "Cameroon" ,
CN => "China" ,
CO => "Colombia" ,
CR => "Costa Rica" ,
CU => "Cuba" ,
CV => "Cape Verde" ,
CX => "Christmas Island" ,
CY => "Cyprus" ,
CZ => "Czech Republic" ,
DE => "Germany" ,
DJ => "Djibouti" ,
DK => "Denmark" ,
DM => "Dominica" ,
DO => "Dominican Republic" ,
DZ => "Algeria" ,
EC => "Ecuador" ,
EE => "Estonia" ,
EG => "Egypt" ,
EH => "Western Sahara" ,
ER => "Eritrea" ,
ES => "Spain" ,
ET => "Ethiopia" ,
EU => "Europe" ,
FI => "Finland" ,
FJ => "Fiji" ,
FK => "Falkland Islands (Malvinas)" ,
FM => "Micronesia, Federated States of" ,
FO => "Faroe Islands" ,
FR => "France" ,
GA => "Gabon" ,
GB => "United Kingdom" ,
GD => "Grenada" ,
GE => "Georgia" ,
GF => "French Guiana" ,
GG => "Guernsey" ,
GH => "Ghana" ,
GI => "Gibraltar" ,
GL => "Greenland" ,
GM => "Gambia" ,
GN => "Guinea" ,
GP => "Guadeloupe" ,
GQ => "Equatorial Guinea" ,
GR => "Greece" ,
GS => "South Georgia and the South Sandwich Islands" ,
GT => "Guatemala" ,
GU => "Guam" ,
GW => "Guinea-Bissau" ,
GY => "Guyana" ,
HK => "Hong Kong" ,
HN => "Honduras" ,
HR => "Croatia" ,
HT => "Haiti" ,
HU => "Hungary" ,
ID => "Indonesia" ,
IE => "Ireland" ,
IL => "Israel" ,
IM => "Isle of Man" ,
IN => "India" ,
IO => "British Indian Ocean Territory" ,
IQ => "Iraq" ,
IR => "Iran, Islamic Republic of" ,
IS => "Iceland" ,
IT => "Italy" ,
JE => "Jersey" ,
JM => "Jamaica" ,
JO => "Jordan" ,
JP => "Japan" ,
KE => "Kenya" ,
KG => "Kyrgyzstan" ,
KH => "Cambodia" ,
KI => "Kiribati" ,
KM => "Comoros" ,
KN => "Saint Kitts and Nevis" ,
KP => "Korea, Democratic People's Republic of" ,
KR => "Korea, Republic of" ,
KW => "Kuwait" ,
KY => "Cayman Islands" ,
KZ => "Kazakhstan" ,
LA => "Lao People's Democratic Republic" ,
LB => "Lebanon" ,
LC => "Saint Lucia" ,
LI => "Liechtenstein" ,
LK => "Sri Lanka" ,
LR => "Liberia" ,
LS => "Lesotho" ,
LT => "Lithuania" ,
LU => "Luxembourg" ,
LV => "Latvia" ,
LY => "Libyan Arab Jamahiriya" ,
MA => "Morocco" ,
MC => "Monaco" ,
MD => "Moldova, Republic of" ,
ME => "Montenegro" ,
MG => "Madagascar" ,
MH => "Marshall Islands" ,
MK => "Macedonia" ,
ML => "Mali" ,
MM => "Myanmar" ,
MN => "Mongolia" ,
MO => "Macau" ,
MP => "Northern Mariana Islands" ,
MQ => "Martinique" ,
MR => "Mauritania" ,
MS => "Montserrat" ,
MT => "Malta" ,
MU => "Mauritius" ,
MV => "Maldives" ,
MW => "Malawi" ,
MX => "Mexico" ,
MY => "Malaysia" ,
MZ => "Mozambique" ,
NA => "Namibia" ,
NC => "New Caledonia" ,
NE => "Niger" ,
NF => "Norfolk Island" ,
NG => "Nigeria" ,
NI => "Nicaragua" ,
NL => "Netherlands" ,
NO => "Norway" ,
NP => "Nepal" ,
NR => "Nauru" ,
NU => "Niue" ,
NZ => "New Zealand" ,
OM => "Oman" ,
PA => "Panama" ,
PE => "Peru" ,
PF => "French Polynesia" ,
PG => "Papua New Guinea" ,
PH => "Philippines" ,
PK => "Pakistan" ,
PL => "Poland" ,
PM => "Saint Pierre and Miquelon" ,
PR => "Puerto Rico" ,
PS => "Palestinian Territory, Occupied" ,
PT => "Portugal" ,
PW => "Palau" ,
PY => "Paraguay" ,
QA => "Qatar" ,
RE => "Reunion" ,
RO => "Romania" ,
RS => "Serbia" ,
RU => "Russian Federation" ,
RW => "Rwanda" ,
SA => "Saudi Arabia" ,
SB => "Solomon Islands" ,
SC => "Seychelles" ,
SD => "Sudan" ,
SE => "Sweden" ,
SG => "Singapore" ,
SH => "Saint Helena" ,
SI => "Slovenia" ,
SJ => "Svalbard and Jan Mayen" ,
SK => "Slovakia" ,
SL => "Sierra Leone" ,
SM => "San Marino" ,
SN => "Senegal" ,
SO => "Somalia" ,
SR => "Suriname" ,
ST => "Sao Tome and Principe" ,
SV => "El Salvador" ,
SY => "Syrian Arab Republic" ,
SZ => "Swaziland" ,
TC => "Turks and Caicos Islands" ,
TD => "Chad" ,
TF => "French Southern Territories" ,
TG => "Togo" ,
TH => "Thailand" ,
TJ => "Tajikistan" ,
TK => "Tokelau" ,
TL => "Timor-Leste" ,
TM => "Turkmenistan" ,
TN => "Tunisia" ,
TO => "Tonga" ,
TR => "Turkey" ,
TT => "Trinidad and Tobago" ,
TV => "Tuvalu" ,
TW => "Taiwan" ,
TZ => "Tanzania, United Republic of" ,
UA => "Ukraine" ,
UG => "Uganda" ,
UM => "United States Minor Outlying Islands" ,
US => "United States" ,
UY => "Uruguay" ,
UZ => "Uzbekistan" ,
VA => "Holy See (Vatican City State)" ,
VC => "Saint Vincent and the Grenadines" ,
VE => "Venezuela" ,
VG => "Virgin Islands, British" ,
VI => "Virgin Islands, U.S." ,
VN => "Vietnam" ,
VU => "Vanuatu" ,
WF => "Wallis and Futuna" ,
WS => "Samoa" ,
YE => "Yemen" ,
YT => "Mayotte" ,
ZA => "South Africa" ,
ZM => "Zambia" ,
ZW => "Zimbabwe" ,
)
} else {
%isocodes = (
AD => "Andorra" ,
AE => "United Arab Emirates" ,
AF => "Afghanistan" ,
AL => "Albania" ,
AM => "Armenia" ,
AO => "Angola" ,
AP => "Asia/Pacific Region" ,
AR => "Argentina" ,
AS => "American Samoa" ,
AT => "Austria" ,
AU => "Australia" ,
AW => "Aruba" ,
AZ => "Azerbaijan" ,
BA => "Bosnia and Herzegovina" ,
BD => "Bangladesh" ,
BE => "Belgium" ,
BF => "Burkina Faso" ,
BG => "Bulgaria" ,
BH => "Bahrain" ,
BI => "Burundi" ,
BJ => "Benin" ,
BM => "Bermuda" ,
BN => "Brunei Darussalam" ,
BO => "Bolivia" ,
BR => "Brazil" ,
BS => "Bahamas" ,
BT => "Bhutan" ,
BW => "Botswana" ,
BY => "Belarus" ,
BZ => "Belize" ,
CA => "Canada" ,
CD => "Congo, The Democratic Republic of the" ,
CH => "Switzerland" ,
CI => "Cote D'Ivoire" ,
CK => "Cook Islands" ,
CL => "Chile" ,
CM => "Cameroon" ,
CN => "China" ,
CO => "Colombia" ,
CR => "Costa Rica" ,
CU => "Cuba" ,
CW => "" ,
CY => "Cyprus" ,
CZ => "Czech Republic" ,
DE => "Germany" ,
DJ => "Djibouti" ,
DK => "Denmark" ,
DO => "Dominican Republic" ,
DZ => "Algeria" ,
EC => "Ecuador" ,
EE => "Estonia" ,
EG => "Egypt" ,
ES => "Spain" ,
EU => "Europe" ,
FI => "Finland" ,
FJ => "Fiji" ,
FM => "Micronesia, Federated States of" ,
FO => "Faroe Islands" ,
FR => "France" ,
GB => "United Kingdom" ,
GD => "Grenada" ,
GE => "Georgia" ,
GG => "Guernsey" ,
GH => "Ghana" ,
GI => "Gibraltar" ,
GL => "Greenland" ,
GM => "Gambia" ,
GP => "Guadeloupe" ,
GR => "Greece" ,
GT => "Guatemala" ,
GU => "Guam" ,
GY => "Guyana" ,
HK => "Hong Kong" ,
HN => "Honduras" ,
HR => "Croatia" ,
HT => "Haiti" ,
HU => "Hungary" ,
ID => "Indonesia" ,
IE => "Ireland" ,
IL => "Israel" ,
IM => "Isle of Man" ,
IN => "India" ,
IQ => "Iraq" ,
IR => "Iran, Islamic Republic of" ,
IS => "Iceland" ,
IT => "Italy" ,
JE => "Jersey" ,
JM => "Jamaica" ,
JO => "Jordan" ,
JP => "Japan" ,
KE => "Kenya" ,
KG => "Kyrgyzstan" ,
KH => "Cambodia" ,
KN => "Saint Kitts and Nevis" ,
KR => "Korea, Republic of" ,
KW => "Kuwait" ,
KY => "Cayman Islands" ,
KZ => "Kazakhstan" ,
LA => "Lao People's Democratic Republic" ,
LB => "Lebanon" ,
LI => "Liechtenstein" ,
LK => "Sri Lanka" ,
LS => "Lesotho" ,
LT => "Lithuania" ,
LU => "Luxembourg" ,
LV => "Latvia" ,
LY => "Libyan Arab Jamahiriya" ,
MA => "Morocco" ,
MC => "Monaco" ,
MD => "Moldova, Republic of" ,
ME => "Montenegro" ,
MG => "Madagascar" ,
MH => "Marshall Islands" ,
MK => "Macedonia" ,
ML => "Mali" ,
MM => "Myanmar" ,
MN => "Mongolia" ,
MO => "Macau" ,
MT => "Malta" ,
MU => "Mauritius" ,
MV => "Maldives" ,
MW => "Malawi" ,
MX => "Mexico" ,
MY => "Malaysia" ,
MZ => "Mozambique" ,
NA => "Namibia" ,
NC => "New Caledonia" ,
NF => "Norfolk Island" ,
NG => "Nigeria" ,
NI => "Nicaragua" ,
NL => "Netherlands" ,
NO => "Norway" ,
NP => "Nepal" ,
NR => "Nauru" ,
NU => "Niue" ,
NZ => "New Zealand" ,
OM => "Oman" ,
PA => "Panama" ,
PE => "Peru" ,
PF => "French Polynesia" ,
PG => "Papua New Guinea" ,
PH => "Philippines" ,
PK => "Pakistan" ,
PL => "Poland" ,
PR => "Puerto Rico" ,
PS => "Palestinian Territory" ,
PT => "Portugal" ,
PW => "Palau" ,
PY => "Paraguay" ,
QA => "Qatar" ,
RO => "Romania" ,
RS => "Serbia" ,
RU => "Russian Federation" ,
RW => "Rwanda" ,
SA => "Saudi Arabia" ,
SB => "Solomon Islands" ,
SC => "Seychelles" ,
SD => "Sudan" ,
SE => "Sweden" ,
SG => "Singapore" ,
SI => "Slovenia" ,
SK => "Slovakia" ,
SL => "Sierra Leone" ,
SM => "San Marino" ,
SN => "Senegal" ,
SO => "Somalia" ,
ST => "Sao Tome and Principe" ,
SV => "El Salvador" ,
SY => "Syrian Arab Republic" ,
SZ => "Swaziland" ,
TH => "Thailand" ,
TK => "Tokelau" ,
TN => "Tunisia" ,
TO => "Tonga" ,
TR => "Turkey" ,
TT => "Trinidad and Tobago" ,
TV => "Tuvalu" ,
TW => "Taiwan" ,
TZ => "Tanzania, United Republic of" ,
UA => "Ukraine" ,
UG => "Uganda" ,
US => "United States" ,
UY => "Uruguay" ,
UZ => "Uzbekistan" ,
VA => "Holy See (Vatican City State)" ,
VE => "Venezuela" ,
VI => "Virgin Islands, U.S." ,
VN => "Vietnam" ,
VU => "Vanuatu" ,
WS => "Samoa" ,
YE => "Yemen" ,
ZA => "South Africa" ,
ZM => "Zambia" ,
ZW => "Zimbabwe" ,
);
}
%isocodes = ();
#
# The chain table is initialized via a call to initialize_chain_table() after the configuration and capabilities have been determined.
@ -5130,6 +4688,18 @@ sub conditional_rule_end( $ ) {
add_commands( $chainref , "fi\n" );
}
sub load_isocodes() {
my $isodir = $config{GEOIPDIR} || ISODIR;
fatal_error "GEOIPDIR ($isodir) does not exist" unless -d $isodir;
my @codes = `ls $isodir/*$family 2>/dev/null`;
fatal_error "$isodir does not exist or is empty" unless @codes;
$isocodes{substr(basename($_),0,2)} = 1 for @codes;
}
sub mysplit( $;$ );
#
@ -5177,6 +4747,8 @@ sub match_source_net( $;$\$ ) {
require_capability 'GEOIP_MATCH', 'A country-code', '';
load_isocodes unless %isocodes;
my @countries = split_list $2, 'cc';
fatal_error "Too many Country Codes ($2)" if @countries > 15;
@ -5247,6 +4819,8 @@ sub imatch_source_net( $;$\$ ) {
require_capability 'GEOIP_MATCH', 'A country-code', '';
load_isocodes unless %isocodes;
my @countries = split_list $2, 'cc';
fatal_error "Too many Country Codes ($2)" if @countries > 15;
@ -5314,6 +4888,8 @@ sub match_dest_net( $;$ ) {
require_capability 'GEOIP_MATCH', 'A country-code', '';
load_isocodes unless %isocodes;
my @countries = split_list $2, 'cc';
fatal_error "Too many Country Codes ($2)" if @countries > 15;
@ -5379,6 +4955,8 @@ sub imatch_dest_net( $;$ ) {
require_capability 'GEOIP_MATCH', 'A country-code', '';
load_isocodes unless %isocodes;
my @countries = split_list $2, 'cc';
fatal_error "Too many Country Codes ($2)" if @countries > 15;
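Review bot: In `load_isocodes`, the configured GEOIPDIR value is interpolated into a backtick command (`ls $isodir/*$family 2>/dev/null`), so the path is parsed by a shell: whitespace or shell metacharacters in the setting change what is executed, and any `ls` failure is hidden by the `2>/dev/null`. The loop then takes the first two characters of every returned name as a country code without checking their shape, so any stray file whose name ends in `$family` becomes an accepted code. Reading the directory in-process with `opendir`/`readdir` avoids the shell, and keeping only names that begin with a two-character uppercase-or-digit code (the shape of the keys in the removed table, e.g. `A1`, `US`) filters out stray files; the sketch below keeps the original suffix match on `$family`. The second `fatal_error` message also says the directory "does not exist" after the `-d` test has already passed, which will mislead whoever reads it.

```perl
sub load_isocodes() {
    # … unchanged: $isodir lookup and the -d existence check …

    # Read the directory in-process so the configured path never reaches a shell
    opendir my $dh, $isodir or fatal_error "Unable to read GEOIPDIR ($isodir): $!";

    for my $file ( readdir $dh ) {
        # Accept only names that start with a two-character code and end in the address family
        $isocodes{$1} = 1 if $file =~ /^([A-Z0-9]{2}).*\Q$family\E$/;
    }

    closedir $dh;

    fatal_error "No country-code files for this address family found in $isodir" unless %isocodes;
}
```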


@ -559,6 +559,7 @@ sub initialize( $;$ ) {
RESTOREFILE => undef,
IPSECFILE => undef,
LOCKFILE => undef,
GEOIPDIR => undef,
#
# Default Actions/Macros
#


@ -55,6 +55,8 @@ TCP_FLAGS_LOG_LEVEL=info
CONFIG_PATH=${CONFDIR}/shorewall:${SHAREDIR}/shorewall
GEOIPDIR="/usr/share/xt_geoip/LE"
IPTABLES=
IP=


@ -66,6 +66,8 @@ TCP_FLAGS_LOG_LEVEL=info
CONFIG_PATH=${CONFDIR}/shorewall:${SHAREDIR}/shorewall
GEOIPDIR="/usr/share/xt_geoip/LE"
IPTABLES=
IP=


@ -64,6 +64,8 @@ TCP_FLAGS_LOG_LEVEL=info
CONFIG_PATH=${CONFDIR}/shorewall:${SHAREDIR}/shorewall
GEOIPDIR="/usr/share/xt_geoip/LE"
IPTABLES=
IP=


@ -67,6 +67,8 @@ TCP_FLAGS_LOG_LEVEL=info
CONFIG_PATH=${CONFDIR}/shorewall:${SHAREDIR}/shorewall
GEOIPDIR="/usr/share/xt_geoip/LE"
IPTABLES=
IP=


@ -55,6 +55,8 @@ TCP_FLAGS_LOG_LEVEL=info
CONFIG_PATH="${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
GEOIPDIR="/usr/share/xt_geoip/LE"
IPTABLES=
IP=


@ -96,7 +96,7 @@
role="bold">none</emphasis>}</term>
<listitem>
<para></para>
<para/>
</listitem>
</varlistentry>
@ -106,7 +106,7 @@
role="bold">none</emphasis>}</term>
<listitem>
<para></para>
<para/>
</listitem>
</varlistentry>
@ -116,7 +116,7 @@
role="bold">none</emphasis>}</term>
<listitem>
<para></para>
<para/>
</listitem>
</varlistentry>
@ -126,7 +126,7 @@
role="bold">none</emphasis>}</term>
<listitem>
<para></para>
<para/>
</listitem>
</varlistentry>
@ -482,7 +482,7 @@
</itemizedlist>
<blockquote>
<para></para>
<para/>
<para>If CONFIG_PATH is not given or if it is set to the empty
value then the contents of /usr/share/shorewall/configpath are
@ -669,6 +669,21 @@ net all DROP info</programlisting>then the chain name is 'net2all'
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis
role="bold">GEOIPDIR</emphasis>=[<emphasis>pathname</emphasis>]</term>
<listitem>
<para>Added in Shorewall 4.5.4. Specifies the pathname of the
directory containing the <firstterm>GeoIP Match</firstterm>
database. See <ulink
url="http://www.shorewall.net/ISOCODES.html">http://www.shorewall.net/ISOCODES.html</ulink>.
If not specified, the default value is
<filename>/usr/share/xt_geoip/LE</filename> which is the default
location of the little-endian database.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">HIGH_ROUTE_MARKS=</emphasis>{<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
@ -814,7 +829,7 @@ net all DROP info</programlisting>then the chain name is 'net2all'
</varlistentry>
</variablelist>
<para></para>
<para/>
<blockquote>
<para>If this variable is not set or is given an empty value
@ -1024,7 +1039,7 @@ net all DROP info</programlisting>then the chain name is 'net2all'
</listitem>
</itemizedlist>
<para></para>
<para/>
<blockquote>
<para>For example, using the default LOGFORMAT, the log prefix for
@ -1041,7 +1056,7 @@ net all DROP info</programlisting>then the chain name is 'net2all'
control your firewall after you enable this option.</para>
</important>
<para></para>
<para/>
<caution>
<para>Do not use this option if the resulting log messages will
@ -1694,7 +1709,7 @@ net all DROP info</programlisting>then the chain name is 'net2all'
role="bold">"</emphasis></term>
<listitem>
<para></para>
<para/>
</listitem>
</varlistentry>


@ -54,6 +54,8 @@ TCP_FLAGS_LOG_LEVEL=info
CONFIG_PATH=${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall
GEOIPDIR="/usr/share/xt_geoip/LE"
IP6TABLES=
IP=


@ -54,6 +54,8 @@ TCP_FLAGS_LOG_LEVEL=info
CONFIG_PATH=${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall
GEOIPDIR="/usr/share/xt_geoip/LE"
IP6TABLES=
IP=


@ -54,6 +54,8 @@ TCP_FLAGS_LOG_LEVEL=info
CONFIG_PATH=${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall
GEOIPDIR="/usr/share/xt_geoip/LE"
IP6TABLES=
IP=


@ -54,6 +54,8 @@ TCP_FLAGS_LOG_LEVEL=info
CONFIG_PATH=${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall
GEOIPDIR="/usr/share/xt_geoip/LE"
IP6TABLES=
IP=


@ -54,6 +54,8 @@ TCP_FLAGS_LOG_LEVEL=info
CONFIG_PATH="${CONFDIR}/shorewall6:/usr/share/shorewall6:${SHAREDIR}/shorewall"
GEOIPDIR="/usr/share/xt_geoip/LE"
IP6TABLES=
IP=


@ -82,7 +82,7 @@
role="bold">none</emphasis>}</term>
<listitem>
<para></para>
<para/>
</listitem>
</varlistentry>
@ -92,7 +92,7 @@
role="bold">none</emphasis>}</term>
<listitem>
<para></para>
<para/>
</listitem>
</varlistentry>
@ -102,7 +102,7 @@
role="bold">none</emphasis>}</term>
<listitem>
<para></para>
<para/>
</listitem>
</varlistentry>
@ -112,7 +112,7 @@
role="bold">none</emphasis>}</term>
<listitem>
<para></para>
<para/>
</listitem>
</varlistentry>
@ -578,6 +578,21 @@ net all DROP info</programlisting>then the chain name is 'net2all'
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis
role="bold">GEOIPDIR</emphasis>=[<emphasis>pathname</emphasis>]</term>
<listitem>
<para>Added in Shorewall 4.5.4. Specifies the pathname of the
directory containing the <firstterm>GeoIP Match</firstterm>
database. See <ulink
url="http://www.shorewall.net/ISOCODES.html">http://www.shorewall.net/ISOCODES.html</ulink>.
If not specified, the default value is
<filename>/usr/share/xt_geoip/LE</filename> which is the default
location of the little-endian database.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">HIGH_ROUTE_MARKS=</emphasis>{<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
@ -887,7 +902,7 @@ net all DROP info</programlisting>then the chain name is 'net2all'
</listitem>
</itemizedlist>
<para></para>
<para/>
<blockquote>
<para>For example, using the default LOGFORMAT, the log prefix for
@ -904,7 +919,7 @@ net all DROP info</programlisting>then the chain name is 'net2all'
control your firewall after you enable this option.</para>
</important>
<para></para>
<para/>
<caution>
<para>Do not use this option if the resulting log messages will
@ -1340,7 +1355,7 @@ net all DROP info</programlisting>then the chain name is 'net2all'
<para>An additional optimization was added in Shorewall 4.5.4.
If the last rule in a chain is an unqualified jump to a simple
target, then all immediately preceding rules with the same
simple target are omitted. </para>
simple target are omitted.</para>
<para>For example, consider this chain:</para>
@ -1492,7 +1507,7 @@ net all DROP info</programlisting>then the chain name is 'net2all'
role="bold">"</emphasis></term>
<listitem>
<para></para>
<para/>
</listitem>
</varlistentry>


@ -54,6 +54,13 @@
DROP:info net:^[A1,A2] dmz tcp 25
</programlisting>
<para>Using this feature requires the <firstterm>GeoIP Match</firstterm>
capability in your iptables and kernel. As of this writing, that
capability requires installing <ulink
url="http://xtables-addons.sourceforge.net/">xtables-addons</ulink> and
<ulink url="http://xtables-addons.sourceforge.net/geoip.php">building a
country-code database</ulink>.</para>
<para>The country codes recognized by Shorewall as of Shorewall 4.5.4 are
shown in the following two sections.</para>
</section>